Hi Everyone.
I'm trying to add a field (user_principal_name) with processors to have common point of reference while searching different indexes (ftd, ad logs, azure logs etc.)
I tried adding this processor to cisco ftd integration to have user.email copy to user_principal_name
- copy_fields:
fields:
- from: user.email
to: user_principal_name
fail_on_error: false
ignore_missing: true
But no field created. Am I missing something?